Security Breaches, Hacks & Concerns – August 2019
Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in August 2019.
If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible. In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.
Remember that outdated software is the number one reasons websites and devices get hacked.
WordPress Plugin Vulnerabilities:
- Email Subscribers & Newsletters
- 301 Redirects Addon Bulk Uploader
- Login or Logout Menu Item
- ND Booking
- ND Donations
- ND Learning Courses
- Popup Builder
- PPOM for WooCommerce
- Ultimate Member
- Woody Ad Snippets
- WP Fastest Cache
WordPress Theme Vulnerabilities:
- Real Estate 7
Breaches From Around the Web
Microsoft Bluetooth Vulnerability
Microsoft’s August security patch included a fix for an Encryption Key Negotiation of Bluetooth Vulnerability. The exploit makes it easier for an attacker to brute force the Bluetooth session and the decrypt the traffic between devices. Be sure to apply the August security patch.
Suprema’s Biostar 2 Insecurely Stores 27.8 Million Biometrics Credentials
Security researchers Noam Rotem, Ran Locar, and vpnMentor discovered the unencrypted database containing sensitive information about companies and their employees. After breaching the database, the researches were able to find employees personal information, usernames and passwords. vpnMentor also mentions that their team got their hands on over a million facial and fingerprint records.
Thanks to iThemes for compiling this information!